User Authentication System and Method for Encryption and Decryption

ABSTRACT

A system configured to authenticate a user for encryption or decryption includes a user authentication apparatus, a computer-readable medium operable to communicate with the user authentication apparatus, and an encryption and decryption computer communicating with the user authentication apparatus. The computer-readable medium may store user identifying information and encryption and decryption data. The encryption and decryption computer may be configured to receive an application programming interface (API) for interfacing with the user authentication apparatus and receive the user identifying information from the computer-readable medium via the API. A user may be authenticated based on the user identifying information and, once the user is authenticated, the encryption and decryption data may be read.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No.13/717,558, filed Dec. 17, 2012, which is a continuation of U.S. patentapplication Ser. No. 12/957,479, filed Dec. 1, 2010, now U.S. Pat. No.8,359,476, which is a continuation of U.S. patent application Ser. No.12/128,501, filed May 28, 2008, now U.S. Pat. No. 7,865,728, which is acontinuation of U.S. patent application Ser. No. 11/382,691, filed onMay 10, 2006, now abandoned, which is a continuation of U.S. patentapplication Ser. No. 10/658,246, filed Sep. 8, 2003, now U.S. Pat. No.7,096,358, which is a continuation-in-part of U.S. patent applicationSer. No. 09/259,991, filed Mar. 1, 1999, now U.S. Pat. No. 6,981,141,which is a continuation-in-part of U.S. patent application Ser. No.09/074,191, filed May 7, 1998, now U.S. Pat. No. 6,185,681, thedisclosures of which are incorporated herein by reference.

Other related applications: application Ser. No. 11/627,856 filed Jan.26, 2007, now abandoned, which is a continuation of application Ser. No.11/382,691.

NOTICE OF COPYRIGHTS AND TRADE DRESS

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. This patent document may showand/or describe matter which is or may become trade dress of the owner.The copyright and trade dress owner has no objection to the facsimilereproduction by anyone of the patent disclosure as it appears in thePatent and Trademark Office patent files or records, but otherwisereserves all copyright and trade dress rights whatsoever.

BACKGROUND

1. Field

This disclosure relates to cryptographic systems and electronic documentmanagement systems.

2. Description of the Related Art

Global access of electronic information can be critical for even thesmallest of businesses today. Very few companies operate solely withinthe boundaries of a single location or their employee list. Over thelast 25 years technology has rapidly advanced and expanded theseboundaries. The advent of such technologies as the Internet, intranets,extranets, and e-mail have made the electronic transfer of informationcommon place in businesses today. Management of business information iscritical to the success of modern businesses. A technology known asElectronic Document Management (EDM) aims to provide organizations withthe ability to find any document, created in any application, by anyone,at any time, dealing with any subject, at any place in the world. EDMincludes managing multiple versions of a document. PC DOCS, Inc.(Burlington, Mass.) is one of the world's leading providers of EDMsolutions. With the advanced technology of EDM comes a wide variety ofinformation that has varying economic values and privacy aspects. Usersmay not know what information is monitored or intercepted or who isusing their computer.

An electronic document management system (EDMS) is a combination ofdatabases, indexes, and search engines utilized to store and retrieveelectronic documents distributed across an organization. An EDMS isdesigned to provide the structure required for an organization toproperly manage and share its electronic document resources.

A wide array of information is typically stored in a company's EDMS.This includes:

strategic and corporate plans;

proprietary product and service information;

confidential legal documents;

private health information; and

private employment information.

As companies increase the efficiency of accessing more information,their security risks also increase. According to a recent survey byErnst & Young LLP:

74% of the respondents said their security risks have increased over theprior two years;

more than a quarter said that their security risks have increase at afaster rate than the growth of their computing;

55% of the respondents lacked confidence that their computer systemscould withstand an internal attack;

71% of security professionals are not confident that their organizationsare protected from external attack; and

two thirds of the respondents reported losses resulting from a securitybreach over the prior two years.

The bottom line is simple—the more information available, the moresecurity needed.

It has been said that “There is no need to break the window of a houseif the front door is unlocked.” This saying certainly applies tocomputer security. The “unlocked doors” in electronic informationsecurity include:

e-mail;

electronic document management “including non-EDMS file systems); and

stolen hardware.

One of the fastest growing means of communication today is e-mail. It isestimated that over one million e-mail messages pass through theInternet every hour. E-mail provides a quick, economical, easy to usemethod of sharing both thoughts and electronic information.Unfortunately, e-mail is like an electronic postcard for the world tosee. It is transmitted across the Internet using the Simple-mailTransfer Protocol (SMTP). This protocol has virtually no securityfeatures. Messages and files can be read by anyone who comes intocontact with them.

The number of documents managed by organizations increases daily.Knowledge is becoming the most important product for companies today. AsEDM enhances a company's productivity and efficiency to manage thatknowledge it also exposes that company to unauthorized access to thatknowledge. The typical EDMS solely relies on password protection forsecurity.

The value of the approximately 265,000 portable computers (laptops,notebooks, palmtops) reported stolen in 1996 was $805 million, a 27%increase from 1995. However, the data on these portable computers isworth much more than the hardware itself. It is critical that the datastored on any type of hardware, whether it is a desktop computer,portable computer or server, must be properly secured from anyunauthorized access.

Some of the “locks” used for electronic information security include:

passwords,

firewalls,

smart cards, and

encryption.

Passwords are often used to prevent unauthorized individuals fromaccessing electronic data. Passwords may also be used to link activitiesthat have occurred to a particular individual. The problem withpasswords is that if any unauthorized party steals or guesses apassword, the security of the computer system may be severelycompromised. Passwords are wholly inadequate for file archiving.

Systems using firewalls prevent intruders from accessing the firm'sinternal systems. Password-based firewall systems do not providepositive user identification nor do they protect electronic data that isstored on a server, has left the firm on a portable computer, is sentvia e-mail over the Internet, or is stored on a floppy disk.

The typical smart card is a self-contained, tamper resistant, creditcard size device that selves as a storage device and is equipped with anintegrated microprocessor chip and non-volatile electronic memory. Thesmart card processes information on the integrated microprocessor chip.Security is enhanced because the user must have the smart card alongwith the user's confidential information (e.g., a password) to gainaccess to their computer files. Passwords are kept off computer hostsand on the smart card to enhance security. Smart cards typically canonly be accessed with a user defined password. Many smart cards includea lock-out feature so that failed attempts at the smart card passwordwill lock the card out to prevent any unauthorized or fraudulent use ofthe smart card. ISO 7816 compliant smart cards and smart card readersfollow industry standards.

Increasingly, information technology professionals are turning toencryption technologies to ensure the privacy of business information.Encryption can provide confidentiality, source authentication, and dataintegrity. Unfortunately encryption generally is cumbersome anddifficult to use. A major obstacle for the implementation of encryptiontechnologies has been their disruption to the users' workflow.

Encryption is a process of scrambling data utilizing a mathematicalfunction called an encryption algorithm, and a key that affects theresults of this mathematical function. Data, before becoming encrypted,is said to be “clear text.” Encrypted data is said to be “cipher text.”With most encryption algorithms, it is nearly impossible to convertcipher text back to clear text without knowledge of the encryption keyused. The strength of the encrypted data is generally dependent upon theencryption algorithm and the size of the encryption key.

There are two types of encryption: symmetric (private key) andasymmetric (public key).

Private key encryption uses a common secret key for both encryption anddecryption. Private key encryption is best suited to be used in trustedwork groups. It is fast and efficient, and properly secures large files.The leading private key encryption is DES (Data Encryption Standard).DES was adopted as a federal standard in 1977. It has been extensivelyused and is considered to be strong encryption. Other types of privatekey encryption include: Triple-DES, IDEA, RC4, MD5, Blowfish and TripleBlowfish.

Public key encryption uses a pair of keys, one public and one private.Each user has a personal key pair, and the user's public (or decryption)key is used by others to send encrypted messages to the user, while theprivate (or decryption) key is employed by the user to decrypt messagesreceived. Public key encryption and key generation algorithms includethe public domain Diffie Hellman algorithm, the RSA algorithm inventedby Riversi, Shamir and Adleman at the Massachusetts Institute ofTechnology (MIT), and the Pretty Good Privacy algorithm (PGP) developedby Phil Zimmermann. Because of their mathematical structure, public keyencryption is slower than most private key systems, thus making themless efficient for use in a trusted network or for encrypting largefiles.

Although these private key and public key encryption algorithms do agood job at maintaining the confidentiality of the encrypted matter,they have numerous problems. The biggest obstacle to adoption of anytype of encryption system has been ease of use. Typical encryptionsystems are very cumbersome. They require a user to interrupt theirnormal work flow, save the clear text document, activate the separateencryption software, and save the cipher text document under a differentname. Where the subject document is ordinary e-mail contents, theprocess is especially cumbersome, because the clear text must first becreated in a separate application, then encrypted, then attached to thee-mail message.

A major concern in computing today is “total cost of ownership,” or TCO.TCO recognizes that while a program might be inexpensive (or even freein the case of PGP for non-commercial use), there are significant costsin using the software. This includes the cost of installation, training,lost productivity during use and from bugs, and maintenance.

Even where one of the typical encryption systems might satisfy a user'sTCO needs, they may not even be an available option. For example,typical EDMSes are self-contained and are not compatible with typicalencryption systems.

It is therefore the object of the invention to provide a documentencryption and decryption system which solves these problems. It is afurther object to provide a document encryption and decryption systemwhich works with minimal disruption of a user's normal workflow. It is afurther object to provide a document encryption and decryption systemwhich is compatible with EDMSes. It is a further object to provide adocument encryption and decryption system which minimizes TCO. It is afurther object to provide a document encryption and decryption systemwhich takes advantage of the features of smart cards which are notavailable from pure on-line security systems.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a computer network.

FIG. 2 is a block diagram of a general purpose computer.

FIG. 3 is a functional block diagram of a cryptographic system.

FIG. 4 is a flowchart of an encryption process.

FIG. 5 is a flowchart of a decryption process.

Throughout this description, elements appearing in figures are assignedthree-digit reference designators, where the most significant digit isthe figure number and the two least significant digits are specific tothe element. An element that is not described in conjunction with afigure may be presumed to have the same characteristics and function asa previously described element having a reference designator with thesame least significant digits.

DETAILED DESCRIPTION

FIG. 1 shows a local area network (LAN) 100. To network communicationlines 160 are coupled a number of workstations 150 a, 150 b, 150 c, 150d. A number of file servers 120 a, 120 b also are coupled to the networkcommunication lines 160. The network communications lines 160 may bewire, fiber, or wireless channels as known in the art. A user at any ofthe workstations 150 preferably may log on to at least one file server120 as known in the art, and in some embodiments a workstation 150 maybe logged on to multiple file servers 120. One or more remoteworkstations 170 may be provided for dial-in access to the server 120 athrough the public switched telephone network 130 or other remote accessmeans. Network printers 140 a, 140 b are also provided for printingdocuments. The network 100 may also include hubs, routers and otherdevices (not shown).

FIG. 2 shows a general purpose computer 200 which is representative ofthe workstations 150 and file servers 120. The computer 200 preferablyincludes an Intel Corporation (San Jose, Calif.) processor 255 and runsa Microsoft Corporation (Redmond, Wash.) Windows operating system. Inconjunction with the processor 255, the computer 200 has a short termmemory 250 (preferably RAM) and a long term memory 280 (preferably ahard disk) as known in the art. The computer 200 further includes a LANinterface 215, a display 205, a display adapter 220, a keyboard 230, amouse 240, a smart card reader 260 and a bus 210 as known in the art.

The smart card reader 260 preferably complies with ISO 7816, a standardavailable from the American National Standards Institute (ANSI). Tointerface the smart card reader 260 to the computer's Windows operatingsystem and other software, the computer 200 preferably includes an APIprovided by the smart card reader manufacturer. Alternatively, thecomputer 200 may include Microsoft's smart card API-SCard COM, availableat www.microsoft.com/smartcard.

A user's smart card 265 preferably stores a unique user ID and passwordand a definable hierarchy of encryption keys. The hierarchy preferablyforms a table wherein a key name is associated with each key value inthe table, and the table may store both encryption keys and decryptionkeys as necessary for the selected cryptographic algorithms. It shouldbe appreciated that, in private key cryptography, the same key value isused for both encryption and decryption.

Although something as simple as a user ID/password scheme could be usedwith the keys stored in the disk 280 or memorized by the user, a datareader device and portable data storage device such as the smart cardreader 260 and smart card 265 are preferred. Instead of the smart cardreader 260 and smart card 265, there could be provided, for example, abiometric recognition system, wireless identification devices, hand heldtokens, etc. Preferably, the portable data storage device can securelystore one or more encryption and decryption keys. However, a biometricrecognition system may provide key selection based on inherent biometricfeatures, eliminating the need to actually store keys in a componentexternal to the computer 200. Where the portable data storage device isused solely as a source of positive identification (i.e.,authentication), the keys may be stored on the 120 file server forexample and accessed through a certificate mechanism.

Before proceeding, a few terms are defined. By “file server” it is meanta computer which controls access to file and disk resources on anetwork, and provides security and synchronization on the networkthrough a network operating system. By “server” it is meant hardware orsoftware which provides network services. By “workstation” it is meant aclient computer which routes commands either to its local operatingsystem or to a network interface adapter for processing and transmissionon the network. By “client” it is meant software which is serviced by aserver. A workstation may function as a server by including appropriatesoftware, and may be for example, a print server, archive server orcommunication server. By “software” it is meant one or more computerinterpretable programs and/or modules related and preferably integratedfor performing a desired function. By “document” it is meant a named,structural unit of text, graphics and/or other data that can be stored,retrieved and exchanged among systems and users as a separate unit.

Referring now to FIG. 3, there is shown a conceptual block diagram ofseveral functional units relevant to the invention which operate withinthe file server 120 and workstation 120. The workstation 150 includes atleast one application 350. The application 350 is a collection ofsoftware components used to perform specific types of user-oriented workand may be, for example, a graphic editor, a word processor or aspreadsheet.

As is typical in the art, the workstation 150 obtains access to the fileserver 120 through a user ID and password system which extends to thefile system on the file server 120. The file server has an access server315 for handling the filer server's user authentication and accesscontrol duties, and the workstation 150 include an access client 310through which a user signs on to the file server 120. In the preferredembodiment, the access server 315 is a part of Windows NT Server, andthe access client 310 is a part of Windows 95 and Windows NTWorkstation. Other operating systems such as Unix and Novell Netwarealso include access servers and access clients for providing userauthentication and file level security.

Within the file server 120 there is preferably an EDM server 310. Tointerface with the EDM server 325, the workstation 150 includes an EDMclient 320, sometimes referred to as an “EDM plug-in.” The EDM server325 controls an EDM database 345 and EDM indexes (not shown), andpreferably provides EDM search engines. The EDM database 345 itself maybe distributed, for example across file systems and file servers, andmay be entirely or partially in the workstation 150. The EDM server 325may include a database server such as a SQL server for interfacing tothe EDM database 345. The EDM client 320 provides the workstation withan interface to the EDM server and therefore allows access by a user atthe workstation 150 to the EDM database 345, indexing and searchservices provided by the EDM server 325.

The EDMS of the preferred embodiment is SQL-based. Thus, the EDMdatabase 345 comprises a SQL database, the EDM server 325 comprises aSQL server, and the EDM client 320 comprises a SQL plug-in. The SQLdatabase stores file and file location information. A “repository,”which could be considered part of the EDM database 345, stores thefiles, and is managed and distributed using techniques known in the art.In older EDM systems, the SQL plug-in comprises special software whichadapted particular popular applications for use with the EDMS. However,with the promulgation of the Open Document Management Architecture(ODMA) specification, applications are available which operateseamlessly with many contemporary EDM systems. Under ODMA, the EDMplug-in registers itself so that it handles file I/O.

The EDM server 325, EDM database 345 and EDM client 320 are describedherein as wholly separate from the respective operating systems of thefile server 120 and workstation 150. However, much if not all of the EDMserver 325, EDM database 345 and EDM client 320 could be fullyintegrated into and even become a part of the respective operatingsystems. In such an embodiment, the EDMS is just another part of anoperating system's general file and data management features.

As can be seen, the access server 315 and the access client 310functionally reside between the EDM server 325 and the EDM client 320,thereby separating the EDM server 325 and EDM client 320 with a measureof security. This aspect of FIG. 3 is the typical prior artconfiguration, and it provides file-level security for documents in theEDM database 345 controlled by the EDM server 325.

Positioned functionally between the application 350 and the EDM client310 is a crypto server 330. In typical prior art systems, theapplication 350 would communicate directly with the EDM client 310.However, in accordance with the invention, the crypto server 330 isfunctionally disposed between the application 350 and the EDM client310, and intercepts or traps I/O requests by the application whichotherwise would be intercepted or trapped by the EDM client 310.

The crypto server 330 of the invention is a software module whichtransparently handles the encryption of documents and the decryption ofencrypted documents, making encryption and decryption simple and easy touse. The crypto server 330 handles encryption and decryption withoutrequiring user input and without normally displaying status informationduring normal encryption and decryption operations. Preferably, the useror a system administrator may establish a system-level configurationdeterminative of when error messages should be displayed. Preferably,also, the system administrator may create and maintain a fileadministration table in the EDM database 345 which defines criteria forwhich files are to be encrypted and which key to use. The crypto server330 utilizes the file administration table, for example, to determine ifa new file should be encrypted, and which encryption key to use toencrypt the new file. The crypto server 330 preferably utilizes andupdates an encrypted files table in the EDM database 345 which listseach encrypted file.

The crypto server 330 may itself comprise a number of functional units.For example, the crypto server 330 preferably includes interfaces to oneor more cryptographic systems, such as those described in theDescription of the Related Art section above. The crypto server 330preferably also includes an interface to the smart card reader 260 (FIG.2) for reading the smart card 265. The smart card 265 preferably is usedto keep the encryption and decryption keys separate from the workstation150 and provide positive user identification. The crypto server 330 alsoworks with the access client 310 in performing user authentication andaccess. In particular, the typical prior art user access process isenhanced by requiring that the user enter a user ID and password whichare stored on the user's smart card 265.

Turning now to FIG. 4, there is shown a flowchart of the encryptionprocess in accordance with the invention. After the process begins (step405), it is preferred that the user submit to authentication by theaccess client 310 and access server 315 (step 410). The authenticationstep is preferably performed when the user signs onto the workstation150. Preferably, the user must insert his smart card 265 into the smartcard reader 260 and enter the user ID and password stored on the smartcard 265. Once authenticated, the smart card 265 then makes available,as needed, the encryption and decryption key information stored therein.

At some point after the user has been authenticated, the user will beworking on a document in the application 350, and at some point issue a“close,” “save” or “save as” command as known in the art (step 415). Thecommand is then translated into an “event” (step 420), and the cryptoserver 330 traps this event (step 425). Techniques for translatingcommands into events and trapping events are well known in the art andare typically different for each operating system. In Windows, the eventtranslation step comprises generating an event message.

The trapped event has the effect of alerting the crypto server 330 thatit may be necessary to encrypt the document. However, preferably beforeencrypting the document, the crypto server 330 tests whether thedocument should be encrypted (step 430). Preferably, at least threedifferent tests are performed.

In the first test, the crypto server 330 tests whether the user has beenauthenticated. The first test is relatively simple. Where the smart card265 or similar means is used for storing keys, this test is necessarybecause the keys will not even be available unless the user wasauthenticated.

In the second test, the crypto server 330 tests whether the document wasalready encrypted when it was opened by the application 350. By default,a document which was already encrypted when opened should be encryptedwhen closed or saved.

In the third test, the crypto server 330 tests whether the EDM database345 has an indicator that the document should be encrypted. As describedabove, the EDM database 345 includes a list of encrypted documents in anencrypted files table. The EDM database 345 preferably also includescriteria for new documents which indicate whether new documents, whenthe criteria are met, should be encrypted. The criteria are preferablystored in the file administration table described above. To perform thethird test, the crypto server 330 passes a database query to the EDMclient 320 to have the EDM server 325 query the EDM database 345. Forexisting files, the query is directed to the encrypted files table. Fornew files, the query is directed to the file administration table. TheEDM server 325 then passes the results of the test back to the EDMclient 320, which provides the test results to the crypto server 330.

If for any reason the document is not to be encrypted, then the cryptoserver 330 passes control to the EDM client 320 which performs the“close,” “save” or “save as” command on the unencrypted document.Alternatively, the decision not to encrypt, for one or more reasons, mayresult in an error message being displayed to the user, and may resultin the document not being closed or saved. At this point, for documentswhich are not to be encrypted, the method is complete (step 445).

If, in step 430, the document is to be encrypted, then the crypto server330 preferably obtains an encryption key name which is associated withthe document (step 450).

The crypto server 330 then uses the encryption key name to retrieve anencryption key value which is associated with the encryption key name(step 455). For most encryption algorithms, the encryption key is amulti-digit number which is difficult to remember and even difficult totranscribe. The encryption key name is preferably an alphanumericdescriptor which may be used by the user and/or system administrator foradministering the encryption key value. Preferably, the encryption keyvalue is also related to the identity of the user, and this isaccomplished by retrieving the encryption key value from the key tablestored in the smart card 265 which is associated with the relevantencryption key name.

Once the crypto server 330 has the encryption key value, the cryptoserver 330 then encrypts the document with the encryption key value(step 460), and passes control to the EDM client (step 435) so that thedocument may be saved (step 440). At this point, for documents which areto be encrypted, the method is complete (step 445).

Turning now to FIG. 5, there is shown a flowchart of the decryptionprocess in accordance with the invention. After the process begins (step505), it is preferred that the user submit to authentication (step 510).Authentication (step 505) preferably is the same for encryption anddecryption.

At some point after the user has been authenticated, the user will wishto open a document into the application 350 (step 515). The file opencommand may be issued from within the application 350 or may be issuedby a second application, with the nature of the document such that theapplication 350 will actually open the document and provide access tothe document's contents. In any case, once the user selects a documentto be opened, an “open” command is issued (step 517). The open commandis then translated into an event (step 520), and the crypto server 330traps this event (step 525).

The trapped event has the effect of alerting the crypto server 330 thatit may be necessary to decrypt the document. However, preferably beforedecrypting the document, the crypto server 330 tests whether thedocument should be decrypted (step 430). Preferably, these tests arecomplimentary to those described above with respect to the encryptionprocess.

If for any reason the document is not to be decrypted, then the cryptoserver 330 passes control to the EDM client 320 which performs the“open” command. Alternatively, the decision not to decrypt, for one ormore reasons, may result in an error message being displayed to theuser, and may result in the document not being opened. At this point,for documents which are not to be decrypted, the method is complete(step 545).

If, in step 530, the document is to be decrypted, then the crypto server330 preferably obtains a decryption key name which is associated withthe document (step 550). The decryption key name is preferably obtainedfrom the file's header or from the encrypted files table.

The crypto server 330 then uses the decryption key name to retrieve adecryption key value which is associated with the decryption key name(step 555). Preferably, the decryption key value, like the encryptionkey value, is also related to the identity of the user, and this isaccomplished by retrieving the decryption key value from the key tablestored in the smart card 265 and associated with the decryption keyname.

Once the crypto server 330 has the decryption key value, the cryptoserver 330 then decrypts the document with the decryption key value(step 560), and passes control to the EDM client (step 535) so that thedecrypted copy of the document may be opened into the application (step540). At this point, for documents which are to be decrypted, the methodis complete (step 545).

Closing Comments

Throughout this description, the embodiments and examples shown shouldbe considered as exemplars, rather than limitations on the apparatus andprocedures disclosed or claimed. Although many of the examples presentedherein involve specific combinations of method acts or system elements,it should be understood that those acts and those elements may becombined in other ways to accomplish the same objectives. With regard toflowcharts, additional and fewer steps may be taken, and the steps asshown may be combined or further refined to achieve the methodsdescribed herein. Acts, elements and features discussed only inconnection with one embodiment are not intended to be excluded from asimilar role in other embodiments.

For means-plus-function limitations recited in the claims, the means arenot intended to be limited to the means disclosed herein for performingthe recited function, but are intended to cover in scope any means,known now or later developed, for performing the recited function.

As used herein, “plurality” means two or more.

As used herein, a “set” of items may include one or more of such items.

As used herein, whether in the written description or the claims, theterms “comprising”, “including”, “carrying”, “having”, “containing”,“involving”, and the like are to be understood to be open-ended, i.e.,to mean including but not limited to. Only the transitional phrases“consisting of” and “consisting essentially of”, respectively, areclosed or semi-closed transitional phrases with respect to claims.

Use of ordinal terms such as “first”, “second”, “third”, etc., in theclaims to modify a claim element does not by itself connote anypriority, precedence, or order of one claim element over another or thetemporal order in which acts of a method are performed, but are usedmerely as labels to distinguish one claim element having a certain namefrom another element having a same name (but for use of the ordinalterm) to distinguish the claim elements.

As used herein, “and/or” means that the listed items are alternatives,but the alternatives also include any combination of the listed items.

What is claimed is:
 1. A system comprising: an authentication moduleauthenticating a user; and a crypto module encrypting an electronicdocument generated by an application program using at least oneencryption key to generate an encrypted document in response to acommand related to the electronic document received by the applicationprogram if the user has been authenticated by the authentication moduleand at least one encryption criteria is met, wherein the crypto modulecommunicates with an electronic document management system to permitexecution of the command by the electronic document management system onthe encrypted document.